Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Get critical updates on the latest zeroday threats, including impact, mitigation and protection information - only from BeyondTrust.

Search for:

Corel PaintShop Pro Insecure Library Loading

Disclosed October 4, 2013 Zeroday : 667 days

Vulnerability Description:

PaintShop Pro insecurely loads libraries, such as dwmapi.dll. If an attacker convinces a user to open a .jpg file on an attacker-controlled WebDAV or SMB share, the vulnerability would be exploited, granting the attacker the ability to execute arbitrary code.

Vendors:

Corel

Vulnerable Software/Devices:

Corel PaintShop Pro X5 15.2.0.2 and possibly prior versions

Corel PaintShop Pro X6 16.0.0.113 and possibly prior versions

Vulnerability Severity:

High

Exploit Availability:

Publicly Available

Exploit Impact:

Insecure Library LoadingExploitation of this vulnerability is possible through the use of methods like drive-by attacks. Remote attackers who successfully exploit this vulnerability will be able to execute code on the vulnerable system with the same rights as the currently logged on user.